AWS Security Blog

Category: Security, Identity, & Compliance

Introducing GxP Compliance on AWS

We’re happy to announce that customers now are enabled to bring the next generation of medical, health, and wellness solutions to their GxP systems by using AWS for their processing and storage needs. Compliance with healthcare and life sciences requirements is a key priority for us, and we are pleased to announce the availability of […]

Read More

How to Record and Govern Your IAM Resource Configurations Using AWS Config

AWS Config recently added the ability to record changes to the configuration of your AWS Identity and Access Management (IAM) users, groups, and roles (collectively referred to as IAM entities) and the policies associated with them. Using this feature, you can record configuration details for these IAM entities, including details about which policies are associated […]

Read More

The IAM Console Now Helps Prevent You from Accidentally Deleting In-Use Resources

Deleting unused resources can help to improve the security of your AWS account and make your account easier to manage. However, if you have ever been unsure of whether an AWS Identity and Access Management (IAM) user or role was being used actively, you probably erred on the side of caution and kept it. Starting […]

Read More

Adhere to IAM Best Practices in 2016

As another new year begins, we encourage you to review our recommended AWS Identity and Access Management (IAM) best practices. Following these best practices can help you maintain the security of your AWS resources. You can learn more by watching the IAM Best Practices to Live By presentation that Anders Samuelsson gave at AWS re:Invent […]

Read More

AWS ISO 27001 Certification Increases Total In-Scope Services to 33

AWS has just completed our annual audit of ISO 27001, a certification we achieved back in 2010. 10 new services are now in scope under ISO 27001: Amazon CloudFront Amazon EC2 Container Service (ECS) Amazon Elastic File System (EFS) Amazon Simple Email Service (SES) Amazon WorkDocs Amazon WorkMail Amazon WorkSpaces AWS Directory Service AWS Key […]

Read More

Another Way to Remove Unnecessary Permissions in Your IAM Policies by Using Service Last Accessed Data

In my previous post, I introduced service last accessed data, a new feature of the AWS Identity and Access Management (IAM) console that helps you define policies that adhere better to the principle of least privilege. As part of that post, I walked through a sample use case demonstrating how you can use service last […]

Read More

How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda

Update on June 14, 2018: We removed an out-of-date code sample. Update on August 23, 2018: We revised the “Configure your Lambda function’s trigger” procedure. Amazon CloudFront can help you increase the performance of your web applications and significantly lower the latency of delivering content to your customers. Recently announced, AWS WAF (a web application firewall) […]

Read More

AWS Certification Update – ISO 9001 Has 10 New Services in Scope

Today we’re happy to announce we’ve added 10 new services to our ISO 9001 certification: Amazon CloudFront Amazon EC2 Container Service (ECS) Amazon Elastic File System (EFS) Amazon Simple Email Service (SES) Amazon WorkDocs Amazon WorkMail Amazon WorkSpaces AWS Directory Service AWS Key Management Service (KMS) AWS WAF – Web Application Firewall This increases the […]

Read More

How to Set Up SSO to the AWS Management Console for Multiple Accounts by Using AD FS and SAML 2.0

AWS supports Security Assertion Markup Language (SAML) 2.0, an open standard for identity federation used by many identity providers (IdPs). SAML enables federated single sign-on (SSO), which enables your users to sign in to the AWS Management Console or to make programmatic calls to AWS APIs by using assertions from a SAML-compliant IdP. Many of […]

Read More